INSTALLATION & CONFIGURATION of HTTPD / APACHE Web Server
Index What is apache httpd server ? What is PHP ? Installing apache web server Verify installed apache web server. Installing PHP5 Manage Apache Web Server Configuration file of Apache Web Server Type of Virtual Hosting in Apache Web Server Name Based Virtual Hosting IP Based Virtual Hosting Log file location of Apache Web Server Verify PHP integration with Apache Web Server SSL with Apache Web Server Access Control in Apache Web Server User Based Access Control in Apache Web Server Add module in working Apache Web Server Fine-tune the PHP
What is apache httpd server? Apache HTTPD provides the service with which the client Web browsers communicate. The daemon runs in the background on your server and waits for requests from clients. Web browsers connect to the HTTP daemon and send requests, which the daemon interprets, sending back the appropriate data.
What is PHP ? PHP Hypertext Preprocessor (PHP). PHP is a programming language that was developed specifically for use in Web scripts. It is preferred by many developers because it’s designed to be embedded within HTML documents, making it simpler to manage Web content and scripts within a single file.
Installing Apache Yum install httpd OR Rpm -ivh httpd el5.rpm Note: yum only work when you have registered with redhat and also connected to internet.
Verify Installed HTTPD/Apache Rpm -q httpd OR Rpm -qa | grep httpd
Installaing PHP yum install php5 OR Rpm -ivh php el5.rpm Note: yum only work when you have registered with redhat and also connected to internet.
Start / Stop / Restart HTTPD / Apache service httpd start Service httpd stop Service httpd restart
HTTPD Config File /etc/httpd/conf/httpd.conf ## Configuration file of HTTPD Server. /etc/httpd/conf.d ## Config Folder for squirrelmail, phpmyadmin. If you install via rpms. /var/www/html ## Defines the directory in which the web pages for the site can be found
General Settings Listen 80## Define the port no. for the httpd web server. ServerRoot "/etc/httpd"## Defines the directory in which the configuration of httpd web server can be found DocumentRoot "/var/www/html"## Defines the directory in which the web pages for the site can be found ServerName Defines the name of the website managed by the container. Include conf.d/*.conf## Load config files from the config directory. DirectoryIndex index.html welcome.html ## sets the file that Apache will serve if a directory is requested. AllowOverride None Options None Order allow,deny Allow from all
General Settings Redirect permanent /google ## now you can access google.com via /googlehttp:// Alias /data/ "/data/" ## Now you can access data folder, which is exist in / via ErrorDocument 404 /error/error404.html ## Define your own error Messages. ServerTokens Prod ##This directive configures what you return as the Server HTTP response Header. The default is 'Full' which sends information about the OS-Type and compiled in modules. Set to one of: Full | OS | Minor | Minimal | Major | Prod. where Full conveys the most information, and Prod the least. LoadModule auth_basic_module modules/mod_auth_basic.so # LoadModule auth_basic_module modules/mod_auth_basic.so ## To Make any module disable, add the # sign in front of line. To Make any module enable, remove the # sign in front of line, if available there. Note: Please disable all non-requred modules in HTTPD web server. Because it is vulnerability and also slow down the performance of HTTPD Web Server.
General Settings Options Indexes FollowSymLinks ## If a URL that maps to a directory is requested and there is noDirectoryIndex (for example, index.html) in that directory, then the server returns a formatted listing of the directory. Options -Indexes MultiViews ## Note: Remove the indexes from options directive, If really no need.
Type of Virtual Hosting Name Based Virtual Hosting IP Based Virtual Hosting
Name Base Virtual Hosting NameVirtualHost *:80 DocumentRoot /www/domain ServerName DocumentRoot /www/subdomain ServerName Note: For Name Based Virtual Hosting, you also required configured dns server. So that it can easily translate IP Address to FQDN.
IP Based Virtual Hosting DocumentRoot /var/www/html/otherdomain ServerName
Httpd Log Files Location /var/log/httpd Access log file of HTTPD /var/log/httpd/access.log Error log file of HTTPD /var/log/httpd/error.log Note: To check the logs, use command “ tail /var/log/httpd/access.log ”.
Verify PHP integration with HTTPD Cat > /var/www/html/info.php ^D Chmod 644 /var/www/html/info.php Note: After everything test & working should remove the info.php file so that it can't be used by potential attacker to gather specific about your system.
Output of
create a self-signed SSL Certificate # yum install openssl# to install the OpenSSL Package # rpm -ivh openssl-0.9.8b-8.3.el5 mkdir /etc/httpd/conf/ssl.key && cd /etc/httpd/conf/ssl.key/ Generate a Private Key openssl genrsa -des3 -out server.key 1024 Generate a CSR (Certificate Signing Request) openssl req -new -key server.key -out server.csr Remove Passphrase from Key cp server.key server.key.org openssl rsa -in server.key.org -out server.key Generating a Self-Signed Certificate openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Installing the Private Key and Certificate chmod 755 /etc/httpd/conf/ssl.crt/server.crt chmod 755 /etc/httpd/conf/ssl.key/server.key
Configuring SSL Enabled Virtual Hosts SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key Add an SSL-enabled virtual host to your Apache configuration files. Using the earlier virtual host as an example, your configuration will look something like this: Listen *:443 ## Add this line after Listen *:80 :443> ServerName secure.example.org DocumentRoot /home/username/public_html/ DirectoryIndex index.php index.html index.htm SSLEngine On SSLCertificateKeyFile /etc/apache/ssl.key/server.key SSLCertificateFile /etc/apache/ssl.crt/server.crt Test the configuration apachectl configtest Restart Apache and Test /etc/init./apache2 restart
Modifying httpd.conf file Search For /Redirect Tag And Type Shown Below vi /etc/httpd/conf/http.conf Redirect / Start The Apache Service Access The Application Using /etc/httpd/logs/ssl_access_log
Setting Up User Based Access Control htpasswd -c /etc/http-passwd user-name htpasswd -c /etc/http-passwd second-user AuthType Basic AuthName “Restricted Directory” AuthUserFile /etc/http-passwd Require user paul
Add Module in working HTTP server Build and install a third-party Apache module, say mod_foo.c, into its own DSO mod_foo.so outside of the Apache source tree using apxs (Apache Extension): $ cd /path/to/3rdparty $ apxs -c mod_foo.c $ apxs -i -a -n foo mod_foo.la vi httpd.conf LoadModule mymodule /usr/lib/httpd/modules/mymodule.so
Controlling Apache processes StartServers ## initial number of server processes to start. MaxClients ## maximum number of simultaneous client connections. MinSpareThreads ## minimum number of worker threads which are kept spare. MaxRequestsPerChild ## maximum number of worker threads which are kept spare. ThreadsPerChild ## constant number of worker threads in each server process. MaxRequestsPerChild ## maximum number of requests a server process serves.
Fine-tune the PHP Four important settings control how much system resources PHP can consume Setting DescriptionRecommended value max_execution_timeHow many CPU-seconds a script can consume30 max_input_timeHow long (seconds) a script can wait for input data60 memory_limitHow much memory (bytes) a script can consume before being killed32M output_bufferingHow much data (bytes) to buffer before sending out to the client 4096
LAB Demonstration of hosting a website by using APACHE.
What is performance tuning Utilizing resources as efficiently as possible – Not always speed! It’s not always a good idea – Use with care: It can break things – Buy more hardware instead Helps against bottlenecks, not underpowered systems as a whole
Tuning Apache (1) Make Apache do less Disable unused processing (pre and post): – mod_includes – ExtendedStatus Disable DNS and User lookups Avoid disk operations: – AllowOverride – FollowSymlinks mod_disallow_uid for security
Example HostNameLookups off UserDir /home/*/WWW AllowOverride None Options FollowSymlinks DisallowUid 0 DisallowGid 0
Tuning Apache (2) Make Apache wait less Tune process model – MinSpareServers – MaxSpareServers – StartServers – MaxClients – MaxRequestsPerChild
Tuning Apache (3) Avoid running other applications on the same servers Do not run out of memory – Swapping kills performance Offload functionality – Use a frontproxy to serve static data – Use a frontproxy or similar to handle SSL
Tuning Apache (4) Make Apache work smartly Compress data – mod_gzip or mod_compress Throttle popular sites or directories – By OS, or mod_bandwidth or mod_throttle For mass virtualhosting, use mod_rewrite or mod_vhost_alias Write site-specific modules, or adapt existing ones
Tuning Apache (5) KeepAlive Requests Persistent connections Multiple requests over one TCP socket Directives: – KeepAlive – MaxKeepAliveRequests – KeepAliveTimeout
Example mod_gzip_enable Yes mod_gzip_item_include mime text/.* mod_gzip_item_exclude mime text/compressed BandwidthModule On Bandwidth /23 0 Bandwidth all 1024 MinBandwidth -1 XS4ALLUserDir WWW
Tuning Applications Optimize your scripts/programs Use a language specific interpreter-module – mod_perl – mod_python, mod_snake – mod_dtcl, NeoScript, many more – mod_php – mod_ruby Use FastCGI Rewrite C programs directly into Apache as a module
Tuning the Operating System Free up memory Raise process limits (for Apache) Disable process accounting Tune the kernel (maxproc, shmem, maxfd, TCP stack) When possible, disable ‘atime’ updates Choose the best accept-serializing strategy (in Apache 2.0, choose the best MPM)
Troubleshooting Common pitfalls and their solutions
Check your error_log The first place to look Increase the LogLevel if needed – Make sure to turn it back down (but not off) in production
Check Apache Health server-status – ExtendedStatus (see next slide) Verify “httpd -V” ps -elf | grep httpd | wc -l – How many httpd processes are running?
server-status Example
Other Possibilities Set up a staging environment Set up duplicate hardware Check for known bugs –
Common Bottlenecks No more File Descriptors Sockets stuck in TIME_WAIT High Memory Use (swapping) CPU Overload Interrupt (IRQ) Overload
File Descriptors Symptoms – entry in error_log – new httpd children fail to start – fork() failing across the system Solutions – Increase system-wide limits – Increase ulimit settings in apachectl
TIME_WAIT Symptoms – Unable to accept new connections – CPU under-utilized, httpd processes sit idle – Not Swapping – netstat shows huge numbers of sockets in TIME_WAIT Many TIME_WAIT are to be expected Only when new connections are failing is it a problem – Decrease system-wide TCP/IP FIN timeout
Memory Overload, Swapping Symptoms – Ignore system free memory, it is misleading! – Lots of Disk Activity – top/free show high swap usage – Load gradually increasing – ps shows processes blocking on Disk I/O Solutions – Add more memory – Use less dynamic content, cache as much as possible – Try the Worker MPM
How much free memory do I really have? Output from top/free is misleading. Kernels use buffers File I/O uses cache Programs share memory – Explicit shared memory – Copy-On-Write after fork() The only time you can be sure is when it starts swapping.
CPU Overload Symptoms – top shows little or no idle CPU time – System is not Swapping – High system load – System feels sluggish – Much of the CPU time is spent in userspace Solutions – Add another CPU, get a faster machine – Use less dynamic content, cache as much as possible
Interrupt (IRQ) Overload Symptoms – Frequent on big machines (8-CPUs and above) – Not Swapping – One or two CPUs are busy, the rest are idle – Low overall system load Solutions – Add another NIC bind it to the first or use two IP addresses in Apache put NICs on different PCI busses if possible
Questions ?